Feeds

Google throws a bone to privacy watchdogs

Will keep your data for 18 months

Boost IT visibility and business value

Google is cutting back the time it holds user-identifying data - a little. But will this be enough to placate privacy advocates?

The search giant is to scrub personally identifying information after 18 months, compared with the limit of 18 months to two years it set out in March.

Google's Global Privacy Counsel Peter Fleischer announced the revised policy in a June 10 letter addressed to the head of a European Union working group that recently called on Google to justify why it needed to store personally identifiable information for as long as two years. The Article 29 Data Protection Working Party had also requested Google provide more details about how it planned to anonymize data.

"After considering the Working Party's concerns, we are announcing a new policy: to anonymize our search server logs after 18 months, rather than the previously-established period of 18-to-24 months," Fleischer wrote in an accompanying blog entry. But lest Google critics take to spontaneous dancing in the streets, Fleischer warned "that future data retention laws may obligate us to raise the retention period to 24 months".

If it sounds like Google is tip-toeing through a mine field, it's because the company has come under fierce attack by privacy advocates. Recently, Privacy International, a UK-based privacy watchdog, ranked Google's privacy practices last among major internet service companies. And a chorus of critics have formally complained to the Federal Trade Commission that Google's proposed acquisition of DoubleClick, the biggest online ad server company, would create a repository of consumer information so vast it would be ripe for abuse by Google, its partners and government agents.

To hear Fleischer tell it, Google is walking the razor-thin line between security, innovation and compliance on the one side and privacy on the other. While a decision not to collect personal information at all would warm the hearts of even the most jaded privacy advocates, it would hamper other important objectives, he says. Among them is internet security and enforcement of child protection laws, which benefit from Google collecting IP numbers and tying them to specific searches.

And as if that wasn't enough, Fleischer says, Google as a global business has to comply with a patchwork of conflicting laws that span the globe. Complying with, say, a European law that mandates that personal information be "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed" may seem like a simple thing. But try telling that to the US goon squad enforcing Sarbanes Oxley, which requires Google "retain business records sufficient to establish adequate financial and other controls".

Food for thought, perhaps, but Kevin Bankston, a staff attorney at the Electronic Frontier Foundation remains skeptical that forces beyond Google's control mandate the storing of personal data for such a long period. By comparison, he says, AOL anonymizes searches after 30 days. He also criticizes Google for not explaining exactly what laws it believes requires it to store information for as long as 18 months.

Says Bankston: "The burden is on Google to demonstrate why that is the case. Considering the much shorter retention periods of competitors like AOL, I don't think they've met that burden." ®

Seven Steps to Software Security

More from The Register

next story
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Bring back error correction, say Danish 'net boffins
We don't need no steenkin' TCP/IP retransmission and the congestion it causes
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
GoTenna: How does this 'magic' work?
An ideal product if you believe the Earth is flat
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.